From 5c8551e51130c15322b620e3a11028fabd8cb18b Mon Sep 17 00:00:00 2001 From: Mircea Troaca Date: Mon, 5 Nov 2018 16:11:20 +0200 Subject: [PATCH] initial form --- active_checks.py | 2290 ++++++++++++++++++++++++++++++++++++++++++++++ check_ldap | 79 ++ 2 files changed, 2369 insertions(+) create mode 100644 active_checks.py create mode 100644 check_ldap diff --git a/active_checks.py b/active_checks.py new file mode 100644 index 0000000..aae43a2 --- /dev/null +++ b/active_checks.py @@ -0,0 +1,2290 @@ +#!/usr/bin/python +# -*- encoding: utf-8; py-indent-offset: 4 -*- +# +------------------------------------------------------------------+ +# | ____ _ _ __ __ _ __ | +# | / ___| |__ ___ ___| | __ | \/ | |/ / | +# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / | +# | | |___| | | | __/ (__| < | | | | . \ | +# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ | +# | | +# | Copyright Mathias Kettner 2014 mk@mathias-kettner.de | +# +------------------------------------------------------------------+ +# +# This file is part of Check_MK. +# The official homepage is at http://mathias-kettner.de/check_mk. +# +# check_mk is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation in version 2. check_mk is distributed +# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with- +# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more de- +# tails. You should have received a copy of the GNU General Public +# License along with GNU Make; see the file COPYING. If not, write +# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, +# Boston, MA 02110-1301 USA. + +register_rulegroup("activechecks", + _("Active checks (HTTP, TCP, etc.)"), + _("Configure active networking checks like HTTP and TCP")) +group = "activechecks" + +# These elements are also used in check_parameters.py +check_icmp_params = [ + ( "rta", + Tuple( + title = _("Round trip average"), + elements = [ + Float(title = _("Warning if above"), unit = "ms", default_value = 200.0), + Float(title = _("Critical if above"), unit = "ms", default_value = 500.0), + ])), + ( "loss", + Tuple( + title = _("Packet loss"), + help = _("When the percentage of lost packets is equal or greater then " + "this level, then the according state is triggered. The default for critical " + "is 100%. That means that the check is only critical if all packets " + "are lost."), + elements = [ + Percentage(title = _("Warning at"), default_value = 80.0), + Percentage(title = _("Critical at"), default_value = 100.0), + ])), + + ( "packets", + Integer( + title = _("Number of packets"), + help = _("Number ICMP echo request packets to send to the target host on each " + "check execution. All packets are sent directly on check execution. Afterwards " + "the check waits for the incoming packets."), + minvalue = 1, + maxvalue = 20, + default_value = 5, + )), + + ( "timeout", + Integer( + title = _("Total timeout of check"), + help = _("After this time (in seconds) the check is aborted, regardless " + "of how many packets have been received yet."), + minvalue = 1, + )), +] + +imap_parameters = Dictionary( + title = "IMAP", + optional_keys = [], + elements = [ + ('server', TextAscii( + title = _('IMAP Server'), + allow_empty = False, + help = _('You can specify a hostname or IP address different from the IP address ' + 'of the host this check will be assigned to.') + )), + ('ssl', CascadingDropdown( + title = _('SSL Encryption'), + default_value = (False, 143), + choices = [ + (False, _('Use no encryption'), + Optional(Integer( + allow_empty = False, + default_value = 143, + ), + title = _('TCP Port'), + help = _('By default the standard IMAP Port 143 is used.'), + )), + (True, _('Encrypt IMAP communication using SSL'), + Optional(Integer( + allow_empty = False, + default_value = 993, + ), + title = _('TCP Port'), + help = _('By default the standard IMAP/SSL Port 993 is used.'), + )), + ], + )), + ('auth', Tuple( + title = _('Authentication'), + elements = [ + TextAscii( + title = _('Username'), + allow_empty = False, + size = 24 + ), + IndividualOrStoredPassword( + title = _('Password'), + allow_empty = False, + size = 12 + ), + ], + )), + ], +) + +pop3_parameters = Dictionary( + optional_keys = ['server'], + elements = [ + ('server', TextAscii( + title = _('POP3 Server'), + allow_empty = False, + help = _('You can specify a hostname or IP address different from the IP address ' + 'of the host this check will be assigned to.') + )), + ('ssl', CascadingDropdown( + title = _('SSL Encryption'), + default_value = (False, 110), + choices = [ + (False, _('Use no encryption'), + Optional(Integer( + allow_empty = False, + default_value = 110, + ), + title = _('TCP Port'), + help = _('By default the standard POP3 Port 110 is used.'), + )), + (True, _('Encrypt POP3 communication using SSL'), + Optional(Integer( + allow_empty = False, + default_value = 995, + ), + title = _('TCP Port'), + help = _('By default the standard POP3/SSL Port 995 is used.'), + )), + ], + )), + ('auth', Tuple( + title = _('Authentication'), + elements = [ + TextAscii( + title = _('Username'), + allow_empty = False, + size = 24 + ), + IndividualOrStoredPassword( + title = _('Password'), + allow_empty = False, + size = 12 + ), + ], + )), + ], +) + +mail_receiving_params = [ + ('fetch', CascadingDropdown( + title = _('Mail Receiving'), + choices = [ + ('IMAP', _('IMAP'), imap_parameters), + ('POP3', _('POP3'), pop3_parameters), + ] + )) +] + + +register_rule(group, + "active_checks:ssh", + Dictionary( + title = _("Check SSH service"), + help = _("This rulset allow you to configure a SSH check for a host"), + elements = [ + ( "description", + TextUnicode( + title = _("Service Description"), + )), + ("port", + Integer( + title = _("TCP port number"), + default_value = 22), + ), + ("timeout", + Integer( + title = _("Connect Timeout"), + help = _("Seconds before connection times out"), + default_value = 10), + ), + ("remote_version", + TextAscii( + title = _("Version of Server"), + help = _("Warn if string doesn't match expected server version (ex: OpenSSH_3.9p1)"), + )), + ("remote_protocol", + TextAscii( + title = _("Protocol of Server"), + help = _("Warn if protocol doesn't match expected protocol version (ex: 2.0)"), + )), + ] + ), + match="all") + +register_rule(group, + "active_checks:icmp", + Dictionary( + title = _("Check hosts with PING (ICMP Echo Request)"), + help = _("This ruleset allows you to configure explicit PING monitoring of hosts. " + "Usually a PING is being used as a host check, so this is not neccessary. " + "There are some situations, however, where this can be useful. One of them " + "is when using the Check_MK Micro Core with SMART Ping and you want to " + "track performance data of the PING to some hosts, nevertheless."), + elements = [ + ( "description", + TextUnicode( + title = _("Service Description"), + allow_empty = False, + default_value = "PING", + )), + ( "address", + CascadingDropdown( + title = _("Alternative address to ping"), + help = _("If you omit this setting then the configured IP address of that host " + "will be pinged. You can set an alternative address here (e.g. when " + "you want to check a secondary IP address of the host in question)."), + orientation = "horizontal", + choices = [ + ("address", _("Ping the normal IP address")), + ("alias", _("Use the alias as DNS name / IP address")), + ("explicit", _("Ping the following explicit address / DNS name"), Hostname()), + ("all_ipv4addresses", _("Ping all IPv4 addresses")), + ("all_ipv6addresses", _("Ping all IPv6 addresses")), + ("additional_ipv4addresses", _("Ping additional IPv4 addresses")), + ("additional_ipv6addresses", _("Ping additional IPv6 addresses")), + ] + )), + ] + check_icmp_params, + ), + match = "all", +) + +# Several active checks just had crit levels as one integer +def transform_cert_days(cert_days): + if type(cert_days) != tuple: + return (cert_days, 0) + else: + return cert_days + + +register_rule(group, + "active_checks:ftp", + Transform( + Dictionary( + elements = [ + ("port", + Integer( + title = _("Portnumber"), + default_value = 21, + ) + ), + ( "response_time", + Tuple( + title = _("Expected response time"), + elements = [ + Float( + title = _("Warning if above"), + unit = "ms", + default_value = 100.0), + Float( + title = _("Critical if above"), + unit = "ms", + default_value = 200.0), + ]) + ), + ( "timeout", + Integer( + title = _("Seconds before connection times out"), + unit = _("sec"), + default_value = 10, + ) + ), + ( "refuse_state", + DropdownChoice( + title = _("State for connection refusal"), + choices = [ ('crit', _("CRITICAL")), + ('warn', _("WARNING")), + ('ok', _("OK")), + ]) + ), + + ( "send_string", + TextAscii( + title = _("String to send"), + size = 30) + ), + ( "expect", + ListOfStrings( + title = _("Strings to expect in response"), + orientation = "horizontal", + valuespec = TextAscii(size = 30), + ) + ), + + ( "ssl", + FixedValue( + value = True, + totext = _("use SSL"), + title = _("Use SSL for the connection.")) + + ), + ( "cert_days", + Transform( + Tuple( + title = _("SSL certificate validation"), + help = _("Minimum number of days a certificate has to be valid"), + elements = [ + Integer(title = _("Warning at or below"), minvalue = 0, unit = _("days")), + Integer(title = _("Critical at or below"), minvalue = 0, unit = _("days")), + ], + ), + forth = transform_cert_days, + ), + ), + ]), + forth = lambda x: type(x) == tuple and x[1] or x, + title = _("Check FTP Service"), + ), + match = "all", +) + +register_rule( + group, + "active_checks:sftp", + Tuple( + title = _("Check SFTP Service"), + help = _("Check functionality of a SFTP server. You can use the default values for putting or getting " + "a file. This file will then be created for the test and deleted afterwards. It will of course not " + "deleted if it was not created by this active check."), + elements = [ + TextAscii( + title = _("Hostname"), + allow_empty = False), + TextAscii( + title = _("Username"), + allow_empty = False), + IndividualOrStoredPassword( + title = _("Password"), + allow_empty = False), + Dictionary( + elements = [ + ("description", + TextAscii( + title = _("Service Description"), + default_value = "SFTP", + size = 30) + ), + ("port", + Integer( + title = _("Port"), + default_value = 22) + ), + ("timeout", + Integer( + title = _("Timeout"), + default_value = 10) + ), + ("timestamp", + TextAscii( + title = _("Timestamp of a remote file"), + size = 30, + help = _("Show timestamp of a given file. You only need to specify the " + "relative path of the remote file. Examples: \'myDirectory/testfile\' " + " or 'testfile'")), + ), + ("put", + Tuple( + title = _("Put file to SFTP server"), + elements = [ + TextAscii( + title = _("Local file"), + size = 30, + default_value = "tmp/check_mk_testfile", + help = _("Local path including filename. Base directory for this relative path " + "will be the home directory of your site. The testfile will be created " + "if it does not exist. Examples: \'tmp/testfile\' (file will be located in " + "$OMD_ROOT/tmp/testfile )")), + TextAscii( + title = _("Remote destination"), + size = 30, + default_value = "", + help = _("Remote path where to put the file. If you leave this empty, the file will be placed " + "in the home directory of the user. Example: \'myDirectory\' ")), + ]) + ), + ("get", + Tuple( + title = _("Get file from SFTP server"), + elements = [ + TextAscii( + title = _("Remote file"), + size = 30, + default_value = "check_mk_testfile", + help = _("Remote path including filename " + "(e.g. \'testfile\'). If you also enabled " + "'Put file to SFTP server', you can use the same file for both tests.")), + TextAscii( + title = _("Local destination"), + size = 30, + default_value = "tmp", + help = _("Local path where to put the downloaded file " + "(e.g. \'tmp\' ).")), + ]) + ), + ] + )]), + match = "all", +) + +register_rule(group, + "active_checks:dns", + Tuple( + title = _("Check DNS service"), + help = _("Check the resolution of a hostname into an IP address by a DNS server. " + "This check uses check_dns from the standard Nagios plugins."), + elements = [ + TextAscii( + title = _("Queried Hostname or IP address"), + allow_empty = False, + help = _('The name or IPv4 address you want to query')), + Dictionary( + title = _("Optional parameters"), + elements = [ + ("name", + TextUnicode( + title = _("Alternative Service description"), + help = _("The service description will be this name instead DNS Servername"), + ) + ), + ( "server", + Alternative( + title = _("DNS Server"), + elements = [ + FixedValue( value=None, totext=_("this host"), + title = _("Use this host as a DNS server for the lookup")), + TextAscii( + title = _("Specify DNS Server"), + allow_empty = False, + help = _("Optional DNS server you want to use for the lookup")), + ]) + ), + ( "expected_address", + Transform( + ListOfStrings( + title = _("Expected answer (IP address or hostname)"), + help = _("List all allowed expected answers here. If query for an " + "IP address then the answer will be host names, that end " + "with a dot."), + ), + forth = lambda old: type(old) in (str, unicode) and [old] or old, + ), + ), + ( "expected_authority", + FixedValue( + value = True, + title = _("Expect Authoritative DNS Server"), + totext = _("Expect Authoritative"), + ) + ), + ( "response_time", + Tuple( + title = _("Expected response time"), + elements = [ + Float( + title = _("Warning if above"), + unit = _("sec"), + default_value = 1), + Float( + title = _("Critical if above"), + unit = _("sec"), + default_value = 2), + ]) + ), + ( "timeout", + Integer( + title = _("Seconds before connection times out"), + unit = _("sec"), + default_value = 10, + ) + ), + ]), + ] + ), + match = 'all' +) + +register_rule(group, + "active_checks:sql", + Dictionary( + title = _("Check SQL Database"), + help = _("This check connects to the specified database, sends a custom SQL-statement " + "or starts a procedure, and checks that the result has a defined format " + "containing three columns, a number, a text, and performance data. Upper or " + "lower levels may be defined here. If they are not defined the number is taken " + "as the state of the check. If a procedure is used, input parameters of the " + "procedures may by given as comma separated list. " + "This check uses the active check check_sql."), + optional_keys = [ "levels", "levels_low", "perfdata", "port", "procedure", "host" ], + elements = [ + ( "description", + TextUnicode( + title = _("Service Description"), + help = _("The name of this active service to be displayed."), + allow_empty = False, + ) + ), + ( "dbms", + DropdownChoice( + title = _("Type of Database"), + choices = [ + ("mysql", _("MySQL")), + ("postgres", _("PostgreSQL")), + ("mssql", _("MSSQL")), + ("oracle", _("Oracle")), + ("db2", _("DB2")), + ], + default_value = "postgres", + ), + ), + ( "port", + Integer( + title = _("Database Port"), + help = _('The port the DBMS listens to'), + allow_empty = True, + ) + ), + ( "name", + TextAscii( + title = _("Database Name"), + help = _('The name of the database on the DBMS'), + allow_empty = False, + ) + ), + ( "user", + TextAscii( + title = _("Database User"), + help = _('The username used to connect to the database'), + allow_empty = False, + ) + ), + ( "password", + IndividualOrStoredPassword( + title = _("Database Password"), + help = _('The password used to connect to the database'), + allow_empty = False, + ) + ), + ( "sql", + Alternative( + title = _("Query or SQL statement"), + elements = [ + TextAscii( + title = _("SQL statement or procedure name"), + help = _('The SQL-statement or procedure name which is executed on the DBMS. It must return ' + 'a result table with one row and at least two columns. The first column must be ' + 'an integer and is interpreted as the state (0 is OK, 1 is WARN, 2 is CRIT). ' + 'Alternatively the first column can be interpreted as number value and you can ' + 'define levels for this number. The ' + 'second column is used as check output. The third column is optional and can ' + 'contain performance data.') + ), + UploadOrPasteTextFile( + title = _("Import Query"), + file_title = _("File including Query"), + default_mode = "upload", + ), + ], + allow_empty = False, + ) + ), + ( "procedure", + Dictionary( + optional_keys = [ "input" ], + title = _("Use procedure call instead of SQL statement"), + help = _("If you activate this option, a name of a stored " + "procedure is used instead of an SQL statement. " + "The procedure should return one output variable, " + "which is evaluated in the check. If input parameters " + "are required, they may be specified below."), + elements = [ + ("useprocs", + FixedValue( + value = True, + totext = _("procedure call is used"), + ) + ), + ("input", + TextAscii( + title = _("Input Parameters"), + allow_empty = True, + help = _("Input parameters, if required by the database procedure. " + "If several parameters are required, use commas to separate them."), + )), + ] + ), + ), + ( "levels", + Tuple( + title = _("Upper levels for first output item"), + elements = [ + Float( title = _("Warning if above")), + Float( title = _("Critical if above")) + ] + ) + ), + ( "levels_low", + Tuple( + title = _("Lower levels for first output item"), + elements = [ + Float( title = _("Warning if below")), + Float( title = _("Critical if below")) + ] + ) + ), + ( "perfdata", + FixedValue( + title = _("Performance Data"), + totext =_("Store output value into RRD database"), + value = True, + ) + ), + ( "host", + TextAscii( + title = _("DNS hostname or IP address"), + help = _("This defaults to the host for which the active check is configured."), + ) + ), + ] + ), + match = 'all' +) + +register_rule(group, + "active_checks:tcp", + Tuple( + title = _("Check connecting to a TCP port"), + help = _("This check tests the connection to a TCP port. It uses " + "check_tcp from the standard Nagios plugins."), + elements = [ + Integer(title = _("TCP Port"), minvalue=1, maxvalue=65535), + Dictionary( + title = _("Optional parameters"), + elements = [ + ( "svc_description", + TextUnicode( + title = _("Service description"), + allow_empty = False, + help = _("Here you can specify a service description. " + "If this parameter is not set, the service is named TCP Port [PORT NUMBER]"))), + ( "hostname", + TextAscii( + title = _("DNS Hostname"), + allow_empty = False, + help = _("If you specify a hostname here, then a dynamic DNS lookup " + "will be done instead of using the IP address of the host " + "as configured in your host properties."))), + ( "response_time", + Tuple( + title = _("Expected response time"), + elements = [ + Float( + title = _("Warning if above"), + unit = "ms", + default_value = 100.0), + Float( + title = _("Critical if above"), + unit = "ms", + default_value = 200.0), + ]) + ), + ( "timeout", + Integer( + title = _("Seconds before connection times out"), + unit = _("sec"), + default_value = 10, + ) + ), + ( "refuse_state", + DropdownChoice( + title = _("State for connection refusal"), + choices = [ ('crit', _("CRITICAL")), + ('warn', _("WARNING")), + ('ok', _("OK")), + ]) + ), + + ( "send_string", + TextAscii( + title = _("String to send"), + size = 30) + ), + ( "escape_send_string", + FixedValue( + value = True, + title = _("Expand \\n, \\r and \\t in the sent string"), + totext = _("expand escapes")) + ), + ( "expect", + ListOfStrings( + title = _("Strings to expect in response"), + orientation = "horizontal", + valuespec = TextAscii(size = 30), + ) + ), + ( "expect_all", + FixedValue( + value = True, + totext = _("expect all"), + title = _("Expect all of those strings in the response")) + ), + ( "jail", + FixedValue( + value = True, + title = _("Hide response from socket"), + help = _("As soon as you configure expected strings in " + "the response the check will output the response - " + "as long as you do not hide it with this option"), + totext = _("hide response")) + ), + ( "mismatch_state", + DropdownChoice( + title = _("State for expected string mismatch"), + choices = [ ('crit', _("CRITICAL")), + ('warn', _("WARNING")), + ('ok', _("OK")), + ]) + ), + ( "delay", + Integer( + title = _("Seconds to wait before polling"), + help = _("Seconds to wait between sending string and polling for response"), + unit = _("sec"), + default_value = 0, + ) + ), + ( "maxbytes", + Integer( + title = _("Maximum number of bytes to receive"), + help = _("Close connection once more than this number of " + "bytes are received. Per default the number of " + "read bytes is not limited. This setting is only " + "used if you expect strings in the response."), + default_value = 1024, + ), + ), + + ( "ssl", + FixedValue( + value = True, + totext = _("use SSL"), + title = _("Use SSL for the connection.")) + + ), + ( "cert_days", + Transform( + Tuple( + title = _("SSL certificate validation"), + help = _("Minimum number of days a certificate has to be valid"), + elements = [ + Integer(title = _("Warning at or below"), minvalue = 0, unit = _("days")), + Integer(title = _("Critical at or below"), minvalue = 0, unit = _("days")), + ], + ), + forth = transform_cert_days, + ), + ), + + ( "quit_string", + TextAscii( + title = _("Final string to send"), + help = _("String to send server to initiate a clean close of " + "the connection"), + size = 30) + ), + ]), + ] + ), + match = 'all' +) + +register_rule(group, + "active_checks:uniserv", Dictionary( + title = _("Check uniserv service"), optional_keys = False, elements = [ + ("port", + Integer(title = _("Port") )), + ("service", + TextAscii( + title = _("Service Name"), + help = _("Enter the uniserve service name here (has nothing to do with service description).") + )), + ("job", + CascadingDropdown( + title = _("Mode of the Check"), + help = _("Choose, whether you just want to query the version number," + " or if you want to check the response to an address query."), + choices = [ + ("version", _("Check for Version")), + ("address", _("Check for an Address"), + Dictionary( + title = _("Address Check mode"), + optional_keys = False, + elements = [ + ( "street", + TextAscii( title = _("Street name"))), + ( "street_no", + Integer( title = _("Street number"))), + ( "city", + TextAscii( title = _("City name"))), + ( "search_regex", + TextAscii( title = _("Check City against Regex"), + help = _( "The city name from the response will be checked against " + "the regular expression specified here"), + )), + ] + )), + ] + )), + + ])) + +ip_address_family_element = ("address_family", + DropdownChoice( + title = _("IP Address Family"), + choices = [ + (None, _("Primary Address Family") ), + ('ipv4', _("Enforce IPv4") ), + ('ipv6', _("Enforce IPv6") ), + ], + default_value = None + ), + ) + +register_rule(group, + "active_checks:http", + Tuple( + title = _("Check HTTP service"), + help = _("Check HTTP/HTTPS service using the plugin check_http " + "from the standard Monitoring Plugins. " + "This plugin tests the HTTP service on the specified host. " + "It can test normal (HTTP) and secure (HTTPS) servers, follow " + "redirects, search for strings and regular expressions, check " + "connection times, and report on certificate expiration times."), + elements = [ + TextUnicode( + title = _("Name"), + help = _("Will be used in the service description. If the name starts with " + "a caret (^), the service description will not be prefixed with either " + "HTTP or HTTPS." ), + allow_empty = False), + Alternative( + title = _("Mode of the Check"), + help = _("Perform a check of the URL or the certificate expiration."), + elements = [ + Dictionary( + title = _("Check the URL"), + elements = [ + ( "virthost", + Tuple( + title = _("Virtual host"), + elements = [ + TextAscii( + title = _("Name of the virtual host"), + help = _("Set this in order to specify the name of the " + "virtual host for the query (using HTTP/1.1). If you " + "leave this empty, then the IP address of the host " + "will be used instead."), + allow_empty = False + ), + Checkbox( + label = _("Omit specifying an IP address"), + help = _("Usually Check_MK will nail this check to the " + "IP address of the host it is attached to. With this " + "option you can have the check use the name of the " + "virtual host instead and do a dynamic DNS lookup."), + true_label = _("omit IP address"), + false_label = _("specify IP address"), + ), + ] + ) + ), + ( "uri", + TextAscii( + title = _("URI to fetch (default is /)"), + allow_empty = False, + default_value = "/" + ) + ), + ( "port", + Integer( + title = _("TCP Port"), + minvalue = 1, + maxvalue = 65535, + default_value = 80 + ) + ), + ip_address_family_element, + ("ssl", Transform( + DropdownChoice( + title = _("Use SSL/HTTPS for the connection"), + choices = [ + ("auto", _("Use SSL with auto negotiation")), + ("1.2", _("Use SSL, enforce TLSv1.2")), + ("1.1", _("Use SSL, enforce TLSv1.1")), + ("1", _("Use SSL, enforce TLSv1")), + ("2", _("Use SSL, enforce SSLv2")), + ("3", _("Use SSL, enforce SSLv3")), + ], + default_value = "auto", + ), + forth = lambda x: x == True and "auto" or x, + )), + ( "sni", + FixedValue( + value = True, + totext = _("enable SNI"), + title = _("Enable SSL/TLS hostname extension support (SNI)"), + ) + ), + ( "response_time", + Tuple( + title = _("Expected response time"), + elements = [ + Float( + title = _("Warning if above"), + unit = "ms", + default_value = 100.0 + ), + Float( + title = _("Critical if above"), + unit = "ms", + default_value = 200.0 + ), + ] + ) + ), + ( "timeout", + Integer( + title = _("Seconds before connection times out"), + unit = _("sec"), + default_value = 10, + ) + ), + ( "user_agent", + TextAscii( + title = _("User Agent"), + help = _("String to be sent in http header as \"User Agent\""), + allow_empty = False, + ), + ), + ( "add_headers", + ListOfStrings( + title = _("Additional header lines"), + orientation = "vertical", + valuespec = TextAscii(size = 40), + ), + ), + ( "auth", + Tuple( + title = _("Authorization"), + help = _("Credentials for HTTP Basic Authentication"), + elements = [ + TextAscii( + title = _("Username"), + size = 12, + allow_empty = False + ), + IndividualOrStoredPassword( + title = _("Password"), + ) + ] + ) + ), + ( "proxy", + TextAscii( + title = _("Proxy host"), + help = _("To use a proxy you have to use the Port of the proxy, " + "specify the virtual host and the URL to fetch, " + "use the HTTP Method CONNECT, and use SSL/HTTPS " + "for the connection") + ), + ), + ( "proxy_auth", + Tuple( + title = _("Proxy-Authorization"), + help = _("Credentials for HTTP Proxy with basic authentication"), + elements = [ + TextAscii( + title = _("Username"), + size = 12, + allow_empty = False + ), + IndividualOrStoredPassword( + title = _("Password"), + ), + ] + ) + ), + ( "onredirect", + DropdownChoice( + title = _("How to handle redirect"), + choices = [ + ( 'ok', _("Make check OK") ), + ( 'warning', _("Make check WARNING") ), + ( 'critical', _("Make check CRITICAL") ), + ( 'follow', _("Follow the redirection") ), + ( 'sticky', _("Follow, but stay to same IP address") ), + ( 'stickyport', _("Follow, but stay to same IP-address and port") ), + ], + default_value = 'follow' + ), + ), + ( "expect_response_header", + TextAscii( + title = _("String to expect in response headers"), + ) + ), + ( "expect_response", + ListOfStrings( + title = _("Strings to expect in server response"), + help = _("At least one of these strings is expected in " + "the first (status) line of the server response " + "(default: HTTP/1.). If specified skips " + "all other status line logic (ex: 3xx, 4xx, 5xx " + "processing)"), + ) + ), + ( "expect_string", + TextUnicode( + title = _("Fixed string to expect in the content"), + allow_empty = False, + ) + ), + ( "expect_regex", + Transform( + Tuple( + orientation = "vertical", + show_titles = False, + elements = [ + RegExp( + label = _("Regular expression: "), + mode = RegExp.infix, + ), + Checkbox(label = _("Case insensitive")), + Checkbox(label = _("return CRITICAL if found, OK if not")), + Checkbox(label = _("Multiline string matching")), + ] + ), + forth = lambda x: len(x) == 3 and tuple(list(x) + [False]) or x, + title = _("Regular expression to expect in content"), + ), + ), + ( "post_data", + Tuple( + title = _("Send HTTP POST data"), + elements = [ + TextUnicode( + title = _("HTTP POST data"), + help = _("Data to send via HTTP POST method. " + "Please make sure, that the data is URL-encoded."), + size = 40, + ), + TextAscii( + title = _("Content-Type"), + default_value = "text/html"), + ] + ) + ), + ( "method", + DropdownChoice( + title = _("HTTP Method"), + default_value = "GET", + choices = [ + ( "GET", "GET" ), + ( "POST", "POST" ), + ( "OPTIONS", "OPTIONS" ), + ( "TRACE", "TRACE" ), + ( "PUT", "PUT" ), + ( "DELETE", "DELETE" ), + ( "HEAD", "HEAD" ), + ( "CONNECT", "CONNECT" ), + ( "PROPFIND", "PROPFIND" ), + ] + ) + ), + ( "no_body", + FixedValue( + value = True, + title = _("Don't wait for document body"), + help = _("Note: this still does an HTTP GET or POST, not a HEAD."), + totext = _("don't wait for body") + ) + ), + ( "page_size", + Tuple( + title = _("Page size to expect"), + elements = [ + Integer(title = _("Minimum"), unit=_("Bytes")), + Integer(title = _("Maximum"), unit=_("Bytes")), + ] + ) + ), + ( "max_age", + Age( + title = _("Maximum age"), + help = _("Warn, if the age of the page is older than this"), + default_value = 3600 * 24, + ) + ), + ( "urlize", + FixedValue( + value = True, + title = _("Clickable URLs"), + totext = _("Format check output as hyperlink"), + help = _("With this option the check produces an output that is a valid hyperlink " + "to the checked URL and this clickable."), + ) + ), + ("extended_perfdata", FixedValue( + value = True, + totext = _("Extended perfdata"), + title = _("Record additional performance data"), + help = _("This option makes the HTTP check produce more detailed performance data values " + "like the connect time, header time, time till first byte received and the " + "transfer time."), + )), + ( "verbose", FixedValue( + value=True, + title=_("Verbose output"), + totext=_("Give verbose output"), + )), + ] + ), + + Dictionary( + title = _("Check SSL Certificate Age"), + elements = [ + ( "cert_days", + Transform( + Tuple( + title = _("Age"), + help = _("Minimum number of days a certificate has to be valid. " + "Port defaults to 443. When this option is used the URL " + "is not checked."), + elements = [ + Integer(title = _("Warning at or below"), minvalue = 0, unit = _("days")), + Integer(title = _("Critical at or below"), minvalue = 0, unit = _("days")), + ], + ), + forth = transform_cert_days, + ), + ), + ( "cert_host", + TextAscii( + title = _("Check Certificate of different IP / DNS Name"), + help = _("For each SSL certificate on a host, a different IP address is needed. " + "Here, you can specify the address if it differs from the " + "address from the host primary address."), + ), + ), + ( "port", + Integer( + title = _("TCP Port"), + minvalue = 1, + maxvalue = 65535, + default_value = 443, + ), + ), + ip_address_family_element, + ( "sni", + FixedValue( + value = True, + totext = _("enable SNI"), + title = _("Enable SSL/TLS hostname extension support (SNI)"), + ), + ), + ( "proxy", + TextAscii( + title = _("Proxy host"), + help = _("To use a proxy you have to specify the Port of the proxy. ") + ), + ), + ( "proxy_auth", + Tuple( + title = _("Proxy-Authorization"), + help = _("Credentials for HTTP Proxy with basic authentication"), + elements = [ + TextAscii( + title = _("Username"), + size = 12, + allow_empty = False + ), + IndividualOrStoredPassword( + title = _("Password"), + ), + ] + ) + ), + ], + required_keys = [ "cert_days" ], + ), + ] + ), + ] + ), + match = 'all' +) + +register_rule(group, + "active_checks:ldap", + Tuple( + title = _("Check access to LDAP service"), + help = _("This check uses check_ldap from the standard " + "Nagios plugins in order to try the response of an LDAP " + "server."), + elements = [ + TextUnicode( + title = _("Name"), + help = _("The service description will be LDAP plus this name. If the name starts with " + "a caret (^), the service description will not be prefixed with LDAP." ), + allow_empty = False), + TextAscii( + title = _("Base DN"), + help = _("LDAP base, e.g. ou=Development, o=Mathias Kettner GmbH, c=de"), + allow_empty = False, + size = 60), + Dictionary( + title = _("Optional parameters"), + elements = [ + ( "attribute", + TextAscii( + title = _("Attribute to search"), + help = _("LDAP attribute to search, " + "The default is (objectclass=*)."), + size = 40, + allow_empty = False, + default_value = "(objectclass=*)", + ) + ), + ( "authentication", + Tuple( + title = _("Authentication"), + elements = [ + TextAscii( + title = _("Bind DN"), + help = _("Distinguished name for binding"), + allow_empty = False, + size = 60, + ), + Password( + title = _("Password"), + help = _("Password for binding, if your server requires an authentication"), + allow_empty = False, + size = 20, + ) + ] + ) + ), + ( "port", + Integer( + title = _("TCP Port"), + help = _("Default is 389 for normal connections and 636 for SSL connections."), + minvalue = 1, + maxvalue = 65535, + default_value = 389) + ), + ( "ssl", + FixedValue( + value = True, + totext = _("Use SSL"), + title = _("Use LDAPS (SSL)"), + help = _("Use LDAPS (LDAP SSLv2 method). This sets the default port number to 636")) + + ), + ( "hostname", + TextAscii( + title = _("Alternative Hostname"), + help = _("Use a alternative field as Hostname in case of SSL Certificate Problems (eg. the Hostalias )"), + size = 40, + allow_empty = False, + default_value = "$HOSTALIAS$", + ) + ), + ( "version", + DropdownChoice( + title = _("LDAP Version"), + help = _("The default is to use version 2"), + choices = [ + ( "v2", _("Version 2") ), + ( "v3", _("Version 3") ), + ( "v3tls", _("Version 3 and TLS") ), + ], + default_value = "v2", + ) + ), + ( "response_time", + Tuple( + title = _("Expected response time"), + elements = [ + Float( + title = _("Warning if above"), + unit = "ms", + default_value = 1000.0), + Float( + title = _("Critical if above"), + unit = "ms", + default_value = 2000.0), + ]) + ), + ( "timeout", + Integer( + title = _("Seconds before connection times out"), + unit = _("sec"), + default_value = 10, + ) + ), + ]) + ]), + match = 'all' +) + +def transform_smtp_address_family(val): + if "ip_version" in val: + val["address_family"] = val.pop("ip_version") + return val + +register_rule(group, + "active_checks:smtp", + Tuple( + title = _("Check access to SMTP services"), + help = _("This check uses check_smtp from the standard " + "Nagios plugins in order to try the response of an SMTP " + "server."), + elements = [ + TextUnicode( + title = _("Name"), + help = _("The service description will be SMTP plus this name. If the name starts with " + "a caret (^), the service description will not be prefixed with SMTP." ), + allow_empty = False), + Transform( + Dictionary( + title = _("Optional parameters"), + elements = [ + ( "hostname", + TextAscii( + title = _("DNS Hostname or IP address"), + allow_empty = False, + help = _("You can specify a hostname or IP address different from the IP address " + "of the host as configured in your host properties."))), + ( "port", + Transform( + Integer( + title = _("TCP Port to connect to"), + help = _("The TCP Port the SMTP server is listening on. " + "The default is 25."), + size = 5, + minvalue = 1, + maxvalue = 65535, + default_value = "25", + ), + forth = int, + ) + ), + ip_address_family_element, + ( "expect", + TextAscii( + title = _("Expected String"), + help = _("String to expect in first line of server response. " + "The default is 220."), + size = 8, + allow_empty = False, + default_value = "220", + ) + ), + ('commands', + ListOfStrings( + title = _("SMTP Commands"), + help = _("SMTP commands to execute."), + ) + ), + ('command_responses', + ListOfStrings( + title = _("SMTP Responses"), + help = _("Expected responses to the given SMTP commands."), + ) + ), + ("from", + TextAscii( + title = _("FROM-Address"), + help = _("FROM-address to include in MAIL command, required by Exchange 2000"), + size = 20, + allow_empty = True, + default_value = "", + ) + ), + ("fqdn", + TextAscii( + title = _("FQDN"), + help = _("FQDN used for HELO"), + size = 20, + allow_empty = True, + default_value = "", + ) + ), + ( "cert_days", + Transform( + Tuple( + title = _("Minimum Certificate Age"), + help = _("Minimum number of days a certificate has to be valid"), + elements = [ + Integer(title = _("Warning at or below"), minvalue = 0, unit = _("days")), + Integer(title = _("Critical at or below"), minvalue = 0, unit = _("days")), + ], + ), + forth = transform_cert_days, + )), + ("starttls", + FixedValue( + True, + totext = _("STARTTLS enabled."), + title = _("Use STARTTLS for the connection.") + ) + ), + ( "auth", + Tuple( + title = _("Enable SMTP AUTH (LOGIN)"), + help = _("SMTP AUTH type to check (default none, only LOGIN supported)"), + elements = [ + TextAscii( + title = _("Username"), + size = 12, + allow_empty = False), + Password( + title = _("Password"), + size = 12, + allow_empty = False), + ] + ) + ), + ("response_time", + Tuple( + title = _("Expected response time"), + elements = [ + Integer( + title = _("Warning if above"), + unit = _("sec") + ), + Integer( + title = _("Critical if above"), + unit = _("sec") + ), + ]) + ), + ( "timeout", + Integer( + title = _("Seconds before connection times out"), + unit = _("sec"), + default_value = 10, + ) + ), + ] + ), + forth=transform_smtp_address_family, + ) + ] + ), + match = 'all' +) + +register_rule(group, + "active_checks:disk_smb", + Dictionary( + title = _("Check access to SMB share"), + help = _("This ruleset helps you to configure the classical Nagios " + "plugin check_disk_smb that checks the access to " + "filesystem shares that are exported via SMB/CIFS."), + elements = [ + ( "share", + TextUnicode( + title = _("SMB share to check"), + help = _("Enter the plain name of the share only, e. g. iso, not " + "the full UNC like \\\\servername\\iso"), + size = 32, + allow_empty = False, + )), + ( "workgroup", + TextUnicode( + title = _("Workgroup"), + help = _("Workgroup or domain used (defaults to WORKGROUP)"), + size = 32, + allow_empty = False, + )), + ( "host", + TextAscii( + title = _("NetBIOS name of the server"), + help = _("If omitted then the IP address is being used."), + size = 32, + allow_empty = False, + )), + ( "port", + Integer( + title = _("TCP Port"), + help = _("TCP port number to connect to. Usually either 139 or 445."), + default_value = 445, + minvalue = 1, + maxvalue = 65535, + )), + ( "levels", + Tuple( + title = _("Levels for used disk space"), + elements = [ + Percentage(title = _("Warning if above"), default_value = 85, allow_int = True), + Percentage(title = _("Critical if above"), default_value = 95, allow_int = True), + ] + )), + ( "auth", + Tuple( + title = _("Authorization"), + elements = [ + TextAscii( + title = _("Username"), + allow_empty = False, + size = 24), + Password( + title = _("Password"), + allow_empty = False, + size = 12), + ], + )), + ], + required_keys = [ "share", "levels" ], + ), + match = 'all' +) + +def PluginCommandLine(): + return TextAscii( + title = _("Command line"), + help = _("Please enter the complete shell command including path name and arguments to execute. " + "If the plugin you like to execute is located in either ~/local/lib/nagios/plugins " + "or ~/lib/nagios/plugins within your site directory, you can strip the path name and " + "just configure the plugin file name as command check_foobar.") + monitoring_macro_help(), + size = "max", + validate = validate_custom_check_command_line, + ) + + +def validate_custom_check_command_line(value, varprefix): + if "--pwstore=" in value: + raise MKUserError(varprefix, _("You are not allowed to use passwords from the password store here.")) + + +register_rule(group, + "custom_checks", + Dictionary( + title = _("Classical active and passive Monitoring checks"), + help = _("With this ruleset you can configure "classical Monitoring checks" " + "to be executed directly on your monitoring server. These checks " + "will not use Check_MK. It is also possible to configure passive " + "checks that are fed with data from external sources via the " + "command pipe of the monitoring core."), + elements = [ + ( "service_description", + TextUnicode( + title = _("Service description"), + help = _("Please make sure that this is unique per host " + "and does not collide with other services."), + allow_empty = False, + default_value = _("Customcheck")) + ), + ( "command_line", + PluginCommandLine(), + ), + ( "command_name", + TextAscii( + title = _("Internal command name"), + help = _("If you want, you can specify a name that will be used " + "in the define command section for these checks. This " + "allows you to a assign a custom PNP template for the performance " + "data of the checks. If you omit this, then check-mk-custom " + "will be used."), + size = 32) + ), + ( "has_perfdata", + FixedValue( + title = _("Performance data"), + value = True, + totext = _("process performance data"), + ) + ), + ( "freshness", + Dictionary( + title = _("Check freshness"), + help = _("Freshness checking is only useful for passive checks when the staleness feature " + "is not enough for you. It changes the state of a check to a configurable other state " + "when the check results are not arriving in time. Staleness will still grey out the " + "test after the corrsponding interval. If you don't want that, you might want to adjust " + "the staleness interval as well. The staleness interval is calculated from the normal " + "check interval multiplied by the staleness value in the Global Settings. " + "The normal check interval can be configured in a separate rule for your check."), + optional_keys = False, + elements = [ + ( "interval", + Integer( + title = _("Expected update interval"), + label = _("Updates are expected at least every"), + unit = _("minutes"), + minvalue = 1, + default_value = 10, + )), + ( "state", + DropdownChoice( + title = _("State in case of absent updates"), + choices = [ + ( 1, _("WARN") ), + ( 2, _("CRIT") ), + ( 3, _("UNKNOWN") ), + ], + default_value = 3, + )), + ( "output", + TextUnicode( + title = _("Plugin output in case of absent updates"), + size = 40, + allow_empty = False, + default_value = _("Check result did not arrive in time") + )), + ], + ) + ), + + ], + required_keys = [ "service_description" ], + ), + match = 'all' +) + +register_rule(group, + "active_checks:bi_aggr", + Tuple( + title = _("Check State of BI Aggregation"), + help = _("Connect to the local or a remote monitoring host, which uses Check_MK BI to aggregate " + "several states to a single BI aggregation, which you want to show up as a single " + "service."), + elements = [ + TextAscii( + title = _("Base URL (OMD Site)"), + help = _("The base URL to the monitoring instance. For example http://mycheckmk01/mysite. " + "You can use macros like $HOSTADDRESS$ and $HOSTNAME$ within this URL to " + "make them be replaced by the hosts values."), + size = 60, + allow_empty = False + ), + TextAscii( + title = _("Aggregation Name"), + help = _("The name of the aggregation to fetch. It will be added to the service description. You can " + "use macros like $HOSTADDRESS$ and $HOSTNAME$ within this parameter to " + "make them be replaced by the hosts values. The aggregation name is the title in the " + "top-level-rule of your BI pack."), + allow_empty = False + ), + TextAscii( + title = _("Username"), + help = _("The name of the user account to use for fetching the BI aggregation via HTTP. When " + "using the cookie based authentication mode (default), this must be a user where " + "authentication is set to \"Automation Secret\" based authentication."), + allow_empty = False + ), + IndividualOrStoredPassword( + title = _("Password / Secret"), + help = _("Valid automation secret or password for the user, depending on the chosen " + "authentication mode. Be aware that this mode has to be enabled on the monitoring instance. " "Otherwise authentication will fail."), + allow_empty = False + ), + Dictionary( + title = _("Optional parameters"), + elements = [ + ("auth_mode", DropdownChoice( + title = _('Authentication Mode'), + default_value = 'cookie', + choices = [ + ('cookie', _('Form (Cookie) based')), + ('basic', _('HTTP Basic')), + ('digest', _('HTTP Digest')), + ('kerberos', _('Kerberos')), + ], + )), + ("timeout", Integer( + title = _("Seconds before connection times out"), + unit = _("sec"), + default_value = 60, + )), + ("in_downtime", + RadioChoice( + title = _("State, if BI aggregate is in scheduled downtime"), + orientation = "vertical", + choices = [ + ( None, _("Use normal state, ignore downtime") ), + ( "ok", _("Force to be OK") ), + ( "warn", _("Force to be WARN, if aggregate is not OK") ), + ] + )), + ("acknowledged", + RadioChoice( + title = _("State, if BI aggregate is acknowledged"), + orientation = "vertical", + choices = [ + ( None, _("Use normal state, ignore acknowledgement") ), + ( "ok", _("Force to be OK") ), + ( "warn", _("Force to be WARN, if aggregate is not OK") ), + ] + )), + ("track_downtimes", + Checkbox( + title = _("Track downtimes"), + label = _("Automatically track downtimes of aggregation"), + help = _("If this is active, the check will automatically go into downtime " + "whenever the aggregation does. This downtime is also cleaned up " + "automatically when the aggregation leaves downtime. " + "Downtimes you set manually for this check are unaffected."), + )), + ] + ), + ] + ), + match = 'all' +) + +register_rule(group, + "active_checks:form_submit", + Tuple( + title = _("Check HTML Form Submit"), + help = _("Check submission of HTML forms via HTTP/HTTPS using the plugin check_form_submit " + "provided with Check_MK. This plugin provides more functionality as check_http, " + "as it automatically follows HTTP redirect, accepts and uses cookies, parses forms " + "from the requested pages, changes vars and submits them to check the response " + "afterwards."), + elements = [ + TextUnicode( + title = _("Name"), + help = _("The name will be used in the service description"), + allow_empty = False + ), + Dictionary( + title = _("Check the URL"), + elements = [ + ("hosts", ListOfStrings( + title = _('Check specific host(s)'), + help = _('By default, if you do not specify any host addresses here, ' + 'the host address of the host this service is assigned to will ' + 'be used. But by specifying one or several host addresses here, ' + 'it is possible to let the check monitor one or multiple hosts.') + )), + ("virthost", TextAscii( + title = _("Virtual host"), + help = _("Set this in order to specify the name of the " + "virtual host for the query (using HTTP/1.1). When you " + "leave this empty, then the IP address of the host " + "will be used instead."), + allow_empty = False, + )), + ("uri", TextAscii( + title = _("URI to fetch (default is /)"), + allow_empty = False, + default_value = "/", + regex = '^/.*', + )), + ("port", Integer( + title = _("TCP Port"), + minvalue = 1, + maxvalue = 65535, + default_value = 80, + )), + ("ssl", FixedValue( + value = True, + totext = _("use SSL/HTTPS"), + title = _("Use SSL/HTTPS for the connection.")) + ), + ("timeout", Integer( + title = _("Seconds before connection times out"), + unit = _("sec"), + default_value = 10, + )), + ("expect_regex", RegExp( + title = _("Regular expression to expect in content"), + mode = RegExp.infix, + )), + ("form_name", TextAscii( + title = _("Name of the form to populate and submit"), + help = _("If there is only one form element on the requested page, you " + "do not need to provide the name of that form here. But if you " + "have several forms on that page, you need to provide the name " + "of the form here, to enable the check to identify the correct " + "form element."), + allow_empty = True, + )), + ("query", TextAscii( + title = _("Send HTTP POST data"), + help = _("Data to send via HTTP POST method. Please make sure, that the data " + "is URL-encoded (for example \"key1=val1&key2=val2\")."), + size = 40, + )), + ("num_succeeded", Tuple( + title = _("Multiple Hosts: Number of successful results"), + elements = [ + Integer(title = _("Warning if equal or below")), + Integer(title = _("Critical if equal or below")), + ] + )), + ] + ), + ] + ), + match = 'all' +) + +register_rule(group, + "active_checks:notify_count", + Tuple( + title = _("Check Number of Notifications per Contact"), + help = _("Check the number of sent notifications per contact using the plugin check_notify_count " + "provided with Check_MK. This plugin counts the total number of notifications sent by the local " + "monitoring core and creates graphs for each individual contact. You can configure thresholds " + "on the number of notifications per contact in a defined time interval. " + "This plugin queries livestatus to extract the notification related log entries from the " + "log file of your monitoring core."), + elements = [ + TextUnicode( + title = _("Service Description"), + help = _("The name that will be used in the service description"), + allow_empty = False + ), + Integer( + title = _("Interval to monitor"), + label = _("notifications within last"), + unit = _("minutes"), + minvalue = 1, + default_value = 60, + ), + Dictionary( + title = _("Optional parameters"), + elements = [ + ("num_per_contact", Tuple( + title = _("Thresholds for Notifications per Contact"), + elements = [ + Integer(title = _("Warning if above"), default_value = 20), + Integer(title = _("Critical if above"), default_value = 50), + ] + )), + ] + ), + ] + ), + match = 'all' +) + +register_rule(group, + "active_checks:traceroute", + Dictionary( + title = _("Check current routing (uses traceroute)"), + help = _("This active check uses traceroute in order to determine the current " + "routing from the monitoring host to the target host. You can specify any number " + "of missing or expected routes in that way detect e.g. an (unintended) failover " + "to a secondary route."), + elements = [ + ( "dns", + Checkbox( + title = _("Name resolution"), + label = _("Use DNS to convert IP addresses into hostnames"), + help = _("If you use this option, then traceroute is not being " + "called with the option -n. That means that all IP addresses " + "are tried to be converted into names. This usually adds additional " + "execution time. Also DNS resolution might fail for some addresses."), + )), + ( "routers", + ListOf( + Tuple( + elements = [ + TextAscii( + title = _("Router (FQDN, IP-Address)"), + allow_empty = False, + ), + DropdownChoice( + title = _("How"), + choices = [ + ( 'W', _("WARN - if this router is not being used") ), + ( 'C', _("CRIT - if this router is not being used") ), + ( 'w', _("WARN - if this router is being used") ), + ( 'c', _("CRIT - if this router is being used") ), + ] + ), + ] + ), + title = _("Router that must or must not be used"), + add_label = _("Add Condition"), + ) + ), + ( "method", + DropdownChoice( + title = _("Method of probing"), + choices = [ + ( None, _("UDP (default behaviour of tcpdump)") ), + ( "icmp", _("ICMP Echo Request") ), + ( "tcp", _("TCP SYN") ), + ] + ) + ), + ], + optional_keys = False, + ), + match = 'all' +) + +register_rule(group, + 'active_checks:mail_loop', + Dictionary( + title = _('Check Email Delivery'), + help = _('This active check sends out special E-Mails to a defined mail address using ' + 'the SMTP protocol and then tries to receive these mails back by querying the ' + 'inbox of a IMAP or POP3 mailbox. With this check you can verify that your whole ' + 'mail delivery progress is working.'), + optional_keys = ['subject', 'smtp_server', 'smtp_tls', 'smtp_port', 'smtp_auth', 'imap_tls', 'connect_timeout', 'delete_messages', 'duration'], + elements = [ + ('item', TextUnicode( + title = _('Name'), + help = _('The service description will be Mail Loop plus this name'), + allow_empty = False + )), + ('subject', TextAscii( + title = _('Subject'), + allow_empty = False, + help = _('Here you can specify the subject text ' + 'instead of default text \'Check_MK-Mail-Loop\'.'), + )), + ('smtp_server', TextAscii( + title = _('SMTP Server'), + allow_empty = False, + help = _('You can specify a hostname or IP address different from the IP address ' + 'of the host this check will be assigned to.') + )), + ('smtp_tls', FixedValue(True, + title = _('Use TLS over SMTP'), + totext = _('Encrypt SMTP communication using TLS'), + )), + ('imap_tls', FixedValue(True, + title = _('Use TLS for IMAP authentification'), + totext = _('IMAP authentification uses TLS'), + )), + ('smtp_port', Integer( + title = _('SMTP TCP Port to connect to'), + help = _('The TCP Port the SMTP server is listening on. Defaulting to 25.'), + allow_empty = False, + default_value = 25, + )), + ('smtp_auth', Tuple( + title = _('SMTP Authentication'), + elements = [ + TextAscii( + title = _('Username'), + allow_empty = False, + size = 24 + ), + IndividualOrStoredPassword( + title = _('Password'), + allow_empty = False, + size = 12 + ), + ], + )), + ] + mail_receiving_params + [ + ('mail_from', EmailAddress( + title = _('From: email address'), + )), + ('mail_to', EmailAddress( + title = _('Destination email address'), + )), + ('connect_timeout', Integer( + title = _('Connect Timeout'), + minvalue = 1, + default_value = 10, + unit = _('sec'), + )), + ("duration", Tuple( + title = _("Loop duration"), + elements = [ + Age(title = _("Warning at")), + Age(title = _("Critical at")), + ]) + ), + ('delete_messages', FixedValue(True, + title = _('Delete processed messages'), + totext = _('Delete all processed message belonging to this check'), + help = _('Delete all messages identified as being related to this ' + 'check. This is disabled by default, which will make ' + 'your mailbox grow when you not clean it up on your own.'), + )), + ] + ), + match = 'all' +) + +register_rule(group, + 'active_checks:mail', + Dictionary( + title = _('Check Email'), + help = _('The basic function of this check is to log in into an IMAP or POP3 mailbox to ' + 'monitor whether or not the login is possible. A extended feature is, that the ' + 'check can fetch all (or just some) from the mailbox and forward them as events ' + 'to the Event Console.'), + required_keys = [ 'service_description', 'fetch' ], + elements = [ + ('service_description', + TextUnicode( + title = _('Service description'), + help = _('Please make sure that this is unique per host ' + 'and does not collide with other services.'), + allow_empty = False, + default_value = "Email") + ) + ] + mail_receiving_params + [ + ('connect_timeout', Integer( + title = _('Connect Timeout'), + minvalue = 1, + default_value = 10, + unit = _('sec'), + )), + ('forward', Dictionary( + title = _("Forward mails as events to Event Console"), + elements = [ + ('method', Alternative( + title = _("Forwarding Method"), + elements = [ + Alternative( + title = _("Send events to local event console"), + elements = [ + FixedValue( + "", + totext = _("Directly forward to event console"), + title = _("Send events to local event console in same OMD site"), + ), + TextAscii( + title = _("Send events to local event console into unix socket"), + allow_empty = False, + ), + + FixedValue( + "spool:", + totext = _("Spool to event console"), + title = _("Spooling: Send events to local event console in same OMD site"), + ), + Transform( + TextAscii(), + title = _("Spooling: Send events to local event console into given spool directory"), + allow_empty = False, + forth = lambda x: x[6:], # remove prefix + back = lambda x: "spool:" + x, # add prefix + ), + ], + match = lambda x: x and (x == 'spool:' and 2 or x.startswith('spool:') and 3 or 1) or 0 + ), + Tuple( + title = _("Send events to remote syslog host"), + elements = [ + DropdownChoice( + choices = [ + ('udp', _('UDP')), + ('tcp', _('TCP')), + ], + title = _("Protocol"), + ), + TextAscii( + title = _("Address"), + allow_empty = False, + ), + Integer( + title = _("Port"), + allow_empty = False, + default_value = 514, + minvalue = 1, + maxvalue = 65535, + size = 6, + ), + ] + ), + ], + )), + ('match_subject', RegExpUnicode( + title = _('Only process mails with matching subject'), + help = _('Use this option to not process all messages found in the inbox, ' + 'but only the those whose subject matches the given regular expression.'), + mode = RegExp.prefix, + )), + ('facility', DropdownChoice( + title = _("Events: Syslog facility"), + help = _("Use this syslog facility for all created events"), + choices = syslog_facilities, + default_value = 2, # mail + )), + ('application', Alternative( + title = _("Events: Syslog application"), + help = _("Use this syslog application for all created events"), + elements = [ + FixedValue(None, + title = _("Use the mail subject"), + totext = _("The mail subject is used as syslog appliaction"), + ), + TextUnicode( + title = _("Specify the application"), + help = _("Use this text as application. You can use macros like \\1, \\2, ... " + "here when you configured subject matching in this rule with a regular expression " + "that declares match groups (using braces)."), + allow_empty = False, + ), + ] + )), + ('host', TextAscii( + title = _('Events: Hostname'), + help = _('Use this hostname for all created events instead of the name of the mailserver'), + )), + ('body_limit', Integer( + title = _('Limit length of mail body'), + help = _('When forwarding mails from the mailbox to the event console, the ' + 'body of the mail is limited to the given number of characters.'), + default_value = 1000, + )), + ('cleanup', Alternative( + title = _("Cleanup messages"), + help = _("The handled messages (see subject matching) can be cleaned up by either " + "deleting them or moving them to a subfolder. By default nothing is cleaned up."), + elements = [ + FixedValue(True, + title = _('Delete messages'), + totext = _('Delete all processed message belonging to this check'), + ), + TextUnicode( + title = _("Move to subfolder"), + help = _("Specify the destination path in the format Path/To/Folder, for example" + "INBOX/Processed_Mails."), + allow_empty = False, + ), + ] + )), + ] + )), + ] + ), + match = 'all' +) + +register_rule(group, + 'active_checks:mailboxes', + Dictionary( + title = _('Check IMAP Mailboxes'), + help = _('This check monitors count and age of mails in mailboxes.'), + elements = [ + ('service_description', + TextUnicode( + title = _('Service description'), + help = _('Please make sure that this is unique per host ' + 'and does not collide with other services.'), + allow_empty = False, + default_value = "Mailboxes") + ), + ('imap_parameters', imap_parameters), + ('connect_timeout', Integer( + title = _('Connect Timeout'), + minvalue = 1, + default_value = 10, + unit = _('sec'), + )), + ('age', Tuple( + title = _("Message Age"), + elements = [ + Age(title = _("Warning at")), + Age(title = _("Critical at")) + ])), + ('count', Tuple( + title = _("Message Count"), + elements = [ + Integer(title = _("Warning at")), + Integer(title = _("Critical at")) + ])), + ('mailboxes', ListOfStrings( + title = _('Check only the listed mailboxes'), + help = _('By default, all mailboxes are checked with these parameters. ' + 'If you specify mailboxes here, only those are monitored.') + )) + ], + required_keys = [ 'service_description', 'imap_parameters' ] + ), + match = 'all' +) + +register_rule(group, + "active_checks:by_ssh", + Tuple( + title = _("Check via SSH service"), + help = _("Checks via SSH. "), + elements = [ + TextAscii( + title = _("Command"), + help = _("Command to execute on remote host."), + allow_empty = False, + ), + Dictionary( + title = _("Optional parameters"), + elements = [ + ( "description", + TextAscii( + title = _("Service Description"), + help = _("Must be unique for every host. Defaults to command that is executed."), + size = 30) + ), + ( "hostname", + TextAscii( + title = _("DNS Hostname or IP address"), + default_value = "$HOSTADDRESS$", + allow_empty = False, + help = _("You can specify a hostname or IP address different from IP address " + "of the host as configured in your host properties."))), + ( 'port', + Integer( + title = _("SSH Port"), + help = _("Default is 22."), + minvalue = 1, + maxvalue = 65535, + default_value = 22)), + ( "ip_version", + Alternative( + title = _("IP-Version"), + elements = [ + FixedValue( + "ipv4", + totext = "", + title = _("IPv4") + ), + FixedValue( + "ipv6", + totext = "", + title = _("IPv6") + ), + ], + )), + ( "timeout", + Integer( + title = _("Seconds before connection times out"), + unit = _("sec"), + default_value = 10, + ) + ), + ( "logname", + TextAscii( + title = _("Username"), + help = _("SSH user name on remote host"), + size = 30) + ), + ( "identity", + TextAscii( + title = _("Keyfile"), + help = _("Identity of an authorized key"), + size = 30) + ), + ] + ) + ] + ), + match = 'all' +) diff --git a/check_ldap b/check_ldap new file mode 100644 index 0000000..cba2b36 --- /dev/null +++ b/check_ldap @@ -0,0 +1,79 @@ +#!/usr/bin/python +# -*- encoding: utf-8; py-indent-offset: 4 -*- +# +------------------------------------------------------------------+ +# | ____ _ _ __ __ _ __ | +# | / ___| |__ ___ ___| | __ | \/ | |/ / | +# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / | +# | | |___| | | | __/ (__| < | | | | . \ | +# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ | +# | | +# | Copyright Mathias Kettner 2014 mk@mathias-kettner.de | +# +------------------------------------------------------------------+ +# +# This file is part of Check_MK. +# The official homepage is at http://mathias-kettner.de/check_mk. +# +# check_mk is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation in version 2. check_mk is distributed +# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with- +# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more de- +# tails. You should have received a copy of the GNU General Public +# License along with GNU Make; see the file COPYING. If not, write +# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, +# Boston, MA 02110-1301 USA. + +def check_ldap_arguments(params): + name, basedn, settings = params + + if "hostname" in settings: + args = ' -H %s' % quote_shell_string(settings["hostname"]) + else: + args = ' -H $HOSTADDRESS$' + + args += ' -b %s' % quote_shell_string(basedn) + + if "response_time" in settings: + args += ' -w %f -c %f' % ( + settings["response_time"][0]/1000.0, + settings["response_time"][1]/1000.0) + + if "timeout" in settings: + args += ' -t %d' % settings["timeout"] + + if "attribute" in settings: + args += ' -a %s' % quote_shell_string(settings["attribute"]) + + if "authentication" in settings: + binddn, password = settings["authentication"] + args += ' -D %s -P %s' % ( + quote_shell_string(binddn), + quote_shell_string(password)) + + if "port" in settings: + args += ' -p %d' % settings["port"] + + if "version" in settings: + args += { + "v2" : " -2", + "v3" : " -3", + "v3tls" : " -3 -T", + }[settings["version"]] + + if settings.get("ssl"): + args += ' --ssl' + + return args + +def check_ldap_desc(params): + if params[0].startswith("^"): + return params[0][1:] + return "LDAP %s" % params[0] + +active_check_info['ldap'] = { + "command_line" : '$USER1$/check_ldap $ARG1$', + "argument_function" : check_ldap_arguments, + "service_description" : check_ldap_desc, + "has_perfdata" : True, +}